Welcome to cxsecurity. enjoy

The latest CVEs

2024-04-20
CVE-2024-4014
The hCaptcha for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cf7-hcaptcha shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level acces...
CVE-2024-1057
The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +10 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wishsuite_button' shortcode in all versions up to, and including, 2.8.1 due to insufficient input sanitization and output escap...
CVE-2024-1730
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html tags used in widgets in all versions up to, and including, 3.14.0 due to ...
CVE-2024-1480
Unitronics Vision Standard line of controllers allow the Information Mode password to be retrieved without authentication.
CVE-2024-31994
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, an attacker can point the image request to an arbitrarily large file. Mealie will attempt to retrieve this file in whole. If it can be retrieved, it may be stored on the file system in whole (leading to possible disk consumption), however the more likely scenario given resourc...
2024-04-19
CVE-2024-1681
corydolphin/flask-cors is vulnerable to log injection when the log level is set to debug. An attacker can inject fake log entries into the log file by sending a specially crafted GET request containing a CRLF sequence in the request path. This vulnerability allows attackers to corrupt log files, potentially covering tracks of other attacks, confusi...
CVE-2024-22905
Buffer Overflow vulnerability in ARM mbed-os v.6.17.0 allows a remote attacker to execute arbitrary code via a crafted script to the hciTrSerialRxIncoming function.
CVE-2024-30974
SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter.
CVE-2024-31584
Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
CVE-2024-31991
Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safe_scrape_html function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregard it. This function, nor those that call it, add any restrictions on the URL that can be provid...

Dorks

2024-04-14
Med.
Bigem Teknoloji - Sql Injection
"Designed by Bigem Teknoloji"
behrouz mansoori
2024-04-06
Med.
SolarView Compact 6.00 - Command Injection
http.html:"solarview compact"
parsa rezaie khiabanloo
2024-03-30
High
SolarView Compact 6.00 - Command Injection Bypass authentication( CVE-2023-23333 )
http.html:"solarview compact"
parsa rezaie khiabanloo
2024-03-24
Med.
Chenarkhayyam - Sql Injection And Waf , Cdn Bypass
"طراحی شده توسط سایت چنار خیام"
parsa rezaie khiabanloo
2024-03-20
High
SolarView Compact 6.00 Command Injection( CVE-2023-23333 )
http.html:"solarview compact"
ByteHunter

Copyright 2024, cxsecurity.com